W dniu poniedziałek, 1 sierpnia 2016 00:41:08 UTC+2 użytkownik Stephen Moreno napisał: > Hi, > > > > I'm looking to build a new desktop system for Qubes. In an ideal world I > would use a motherboard with a Libreboot open source BIOS, however this is > currently not practical. > > > > I am therefore intending to use a motherboard with an AMD AM3 chipset, to at > least avoid the AMD PSP and Intel ME technologies. This would either contain > a proprietary legacy BIOS or a newer UEFI BIOS. My question is, what would be > most preferable for a secure Qubes system? > > > > It is my current understanding that once a legacy BIOS has finished > initializing the hardware, it hands off to the OS and no longer executes. In > contrast, a UEFI BIOS has runtime services that continue to execute while the > OS is running. > > > > I was therefore coming to the conclusion that if the BIOS was compromised > (and it could potentially be compromised before I received it), then a system > that could only run a legacy BIOS would be preferable, as it could > theoretically do less damage. > > > > The Wikipedia page on UEFI also states, “UEFI can support remote diagnostics > and repair of computers, even with no operating system installed”. > (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) > > This has me further concerned about UEFI in a proprietary form. > > > > Are there any benefits of a UEFI BIOS that would outweigh my concerns? > > > > Any input on this topic would be much appreciated.
Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g gaming motherboards can update itself over Ethernet connection, reinstall itself from scratch and sometimes contains a built-in mini-linux. If you do not need such bonuses then legacy BIOS will do just fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c36d44aa-90ca-43a2-baff-1b0f0b6603c6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
